Fix image tags since double quotes in .env are interpreted as part of the value

Release v2.0.0 images

.github/workflows/release.yml

@@ -74,15 +74,3 @@ jobs:
         with:
           body_path: wlan-cloud-ucentral-deploy/chart/release.txt
           files: wlan-cloud-ucentral-deploy/chart/dist/*
-
-  trigger-testing:
-    runs-on: ubuntu-latest
-    needs: helm-package
-    steps:
-    - name: Trigger testing of release
-      uses: peter-evans/repository-dispatch@v1
-      with:
-        token: ${{ secrets.WLAN_TESTING_PAT }}
-        repository: Telecominfraproject/wlan-testing
-        event-type: new-ap-release
-        client-payload: '{"ref": "${GITHUB_REF#refs/tags/}", "sha": "${{ github.sha }}"}'

.gitignore

@@ -1,3 +1,8 @@
 *.swp
 chart/charts/*
+!chart/charts/.gitkeep
 /docker-compose/certs/
+/docker-compose/*-data/data/
+/docker-compose/*-data/uploads/
+/docker-compose/.env
+/docker-compose/.env_*

README.md

@@ -15,6 +15,6 @@ This is a short version of [uCentral branching model](https://telecominfraprojec
 
 1. Create release branch with next Chart version (check Git tags for the latest version - for example if latest tag was `v0.1.0`, create release branch `release/v0.1.1`), set required microservices tags in refs in Chart.yaml (for example, if we want to have this version to be tied to ucentralgw release version `v2.0.0`, we should set it’s repository to `"git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.0.0"`).
 2. Increase Helm version in [Chart.yaml](./chart/Chart.yaml) to the same version as Git tag (for example if the latest git tag is `v0.1.0`, set version `0.1.1` (**without v in it**) in Chart.yaml).
-3. Also increase the microservice image tags used by the Docker Compose deployments according to the release in the 'Image tags' section of the `docker-compose/.env.selfsigned` and `docker-compose/.env.letsencrypt` files.
+3. Also increase the microservice image tags used by the Docker Compose deployment according to the release in the [.env](./docker-compose/.env) file.
 4. Create new git tag from release branch. The Git tag should have the same name as the intended release version. Once the tag is pushed to the repo, Github will trigger a build process that will create an assembly Helm chart bundle with all version fixed to the release equal to the Git tag name and will publish it to the public Artifactory and as GitHub release asset.
 5. Release to the QA namespace using the packaged Helm assembly chart to verify there are no issues related to the deployment.

chart/Chart.lock

@@ -1,15 +1,12 @@
 dependencies:
-- name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.2.0-RC1
+- name: ucentralgw
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.0.0
   version: 0.1.0
-- name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.2.0-RC1
+- name: ucentralsec
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.0.0
   version: 0.1.0
-- name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.2.0-RC1
-  version: 0.1.0
-- name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.2.0-RC1
+- name: ucentralgwui
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.0.0
   version: 0.1.0
 - name: rttys
   repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0
@@ -17,5 +14,5 @@ dependencies:
 - name: kafka
   repository: https://charts.bitnami.com/bitnami
   version: 13.0.2
-digest: sha256:a19a0fa348103400875a95769469f595ee0cd9121ddba2750158afde282d9af5
-generated: "2021-10-01T14:54:00.222699952+03:00"
+digest: sha256:9c9d4eefb4d86337134eae961a297ad76eb025d077d78b82847f5653983161c5
+generated: "2021-08-02T13:50:27.857633819+03:00"

chart/Chart.yaml

@@ -1,21 +1,19 @@
 apiVersion: v2
-name: openwifi
+name: wlan-cloud-ucentral
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.2.0-RC1
+version: 2.0.0
 dependencies:
-- name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.2.0-RC1"
+- name: ucentralgw
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.0.0"
   version: 0.1.0
-- name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.2.0-RC1"
+- name: ucentralsec
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.0.0"
   version: 0.1.0
-- name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.2.0-RC1"
-  version: 0.1.0
-- name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.2.0-RC1"
+- name: ucentralgwui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.0.0"
   version: 0.1.0
+  condition: ucentralgwui.enabled
 - name: rttys
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0"
   version: 0.1.0

chart/README.md

@@ -1,6 +1,6 @@
-# openwifi
+# ucentralgw
 
-This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
+This Helm chart helps to deploy uCentral with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
 
 ## TL;DR;
 
@@ -12,7 +12,7 @@ $ helm install .
 
 ## Introduction
 
-This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+This chart bootstraps an uCentral on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 
 Current dependencies may be found in [chart definition](Chart.yaml) and list will be extended when new services will be introduced.
 
@@ -24,7 +24,7 @@ To install the chart with the release name `my-release`:
 $ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/@chart?ref=main
 ```
 
-The command deploys the OpenWIFI Cloud SDK on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
+The command deploys ucentralgw on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
 
 > **Tip**: List all releases using `helm list`
 
@@ -50,12 +50,10 @@ The following table lists the configurable parameters that overrides microservic
 
 | Parameter | Type | Description | Default |
 |-----------|------|-------------|---------|
-| `owgw.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Gateway to use Kafka for communication | `'true'` |
-| `owgw.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Gateway to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owsec.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Security to use Kafka for communication | `'true'` |
-| `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
-| `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `ucentralgw.configProperties."ucentral\.kafka\.enable"` | string | Configures uCentralGW to use Kafka for communication | `'true'` |
+| `ucentralgw.configProperties."ucentral\.kafka\.brokerlist"` | string | Sets up Kafka broker list for uCentralGW to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `ucentralsec.configProperties."ucentral\.kafka\.enable"` | string | Configures uCentralSec to use Kafka for communication | `'true'` |
+| `ucentralsec.configProperties."ucentral\.kafka\.brokerlist"` | string | Sets up Kafka broker list for uCentralSec to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
 | `rttys.config.token` | string | Sets default rttys token |  |
 | `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
@@ -64,6 +62,7 @@ The following table lists the configurable parameters that overrides microservic
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
 | `kafka.image.tag` | string | Kafka Docker image tag | `'2.8.0-debian-10-r43'` |
 | `kafka.minBrokerId` | number | Sets Kafka minimal broker ID (useful for multi-node Kafka installations) | `100` |
+| `ucentralgwui.enabled` | boolean | Enables [uCentralGW-UI](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui) deployment | `True` |
 
 If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
@@ -71,11 +70,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```bash
 $ helm install --name my-release \
-  --set owgw.replicaCount=1 \
+  --set ucentralgw.replicaCount=1 \
     .
 ```
 
-The above command sets that only 1 instance of OpenWIFI Gateway to be running
+The above command sets that only 1 instance of ucentralgw to be running
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 

chart/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "openwifi.name" -}}
+{{- define "wlanclouducentral.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "openwifi.fullname" -}}
+{{- define "wlanclouducentral.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "openwifi.chart" -}}
+{{- define "wlanclouducentral.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

chart/values.yaml

@@ -1,26 +1,22 @@
-# OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
-owgw:
-  fullnameOverride: owgw
+# uCentralGW (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
+ucentralgw:
+  fullnameOverride: ucentralgw
 
   configProperties:
-    openwifi.kafka.enable: "true"
-    openwifi.kafka.brokerlist: kafka:9092
+    ucentral.kafka.enable: "true"
+    ucentral.kafka.brokerlist: kafka:9092
+    logging.formatters.f1.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+    logging.loggers.root.channel: c1
 
-# OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
-owsec:
-  fullnameOverride: owsec
+# uCentralSec (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
+ucentralsec:
+  fullnameOverride: ucentralsec
 
   configProperties:
-    openwifi.kafka.enable: "true"
-    openwifi.kafka.brokerlist: kafka:9092
-
-# OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
-owfms:
-  fullnameOverride: owfms
-
-  configProperties:
-    openwifi.kafka.enable: "true"
-    openwifi.kafka.brokerlist: kafka:9092
+    ucentral.kafka.enable: "true"
+    ucentral.kafka.brokerlist: kafka:9092
+    logging.formatters.f1.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+    logging.loggers.root.channel: c1
 
 # rttys (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty)
 rttys:
@@ -47,6 +43,8 @@ kafka:
   zookeeper:
     fullnameOverride: zookeeper
 
-# OpenWIFI Web UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
-owgwui:
-  fullnameOverride: owgwui
+# uCentral UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
+ucentralgwui:
+  enabled: true
+
+  fullnameOverride: ucentralgwui

docker-compose/.env

@@ -0,0 +1,7 @@
+COMPOSE_PROJECT_NAME=ucentral
+UCENTRALGW_TAG=v2.0.0
+UCENTRALGWUI_TAG=v2.0.0
+UCENTRALSEC_TAG=v2.0.0
+RTTYS_TAG=3.5.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest

docker-compose/.env.letsencrypt

@@ -1,33 +0,0 @@
-# Image tags
-COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.2.0-RC1
-OWGWUI_TAG=v2.2.0-RC1
-OWSEC_TAG=v2.2.0-RC1
-OWFMS_TAG=v2.2.0-RC1
-RTTYS_TAG=3.5.0
-KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
-ACMESH_TAG=latest
-TRAEFIK_TAG=latest
-
-# Microservice root/config directories
-OWGW_ROOT=/owgw-data
-OWGW_CONFIG=/owgw-data
-OWSEC_ROOT=/owsec-data
-OWSEC_CONFIG=/owsec-data
-OWFMS_ROOT=/owfms-data
-OWFMS_CONFIG=/owfms-data
-
-# Microservice hostnames
-INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
-INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
-INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
-INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
-INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
-SYSTEM_URI_UI=https://openwifi.wlan.local
-OWGW_HOSTNAME=
-OWGWUI_HOSTNAME=
-OWGWFILEUPLOAD_HOSTNAME=
-OWSEC_HOSTNAME=
-OWFMS_HOSTNAME=
-RTTYS_HOSTNAME=

docker-compose/.env.selfsigned

@@ -1,27 +0,0 @@
-# Image tags
-COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.2.0-RC1
-OWGWUI_TAG=v2.2.0-RC1
-OWSEC_TAG=v2.2.0-RC1
-OWFMS_TAG=v2.2.0-RC1
-RTTYS_TAG=3.5.0
-KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
-ACMESH_TAG=latest
-TRAEFIK_TAG=latest
-
-# Microservice root/config directories
-OWGW_ROOT=/owgw-data
-OWGW_CONFIG=/owgw-data
-OWSEC_ROOT=/owsec-data
-OWSEC_CONFIG=/owsec-data
-OWFMS_ROOT=/owfms-data
-OWFMS_CONFIG=/owfms-data
-
-# Microservice hostnames
-INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
-INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
-INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
-INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
-INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
-SYSTEM_URI_UI=https://openwifi.wlan.local

docker-compose/.env_ucentralgw

@@ -0,0 +1,3 @@
+RUN_CHOWN=true
+UCENTRALGW_ROOT=/ucentralgw-data
+UCENTRALGW_CONFIG=/ucentralgw-data

docker-compose/.env_ucentralgw-ui

@@ -0,0 +1,2 @@
+DEFAULT_UCENTRALSEC_URL=https://ucentral.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/.env_ucentralsec

@@ -0,0 +1,3 @@
+RUN_CHOWN=true
+UCENTRALSEC_ROOT=/ucentralsec-data
+UCENTRALSEC_CONFIG=/ucentralsec-data

docker-compose/README.md

@@ -1,74 +1,20 @@
 # Docker Compose
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to generate and use Letsencrypt certs instead of the provided self-signed cert for everything except the owgw websocket service.
-## Deployment with self-signed certificates
+With the provided Docker Compose file you can instantiate a complete deployment of the uCentral microservices and related components for local development purposes. To spin up a local development environment:
 1. Switch into the project directory with `cd docker-compose/`.
-2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
-3. Since the deployment is split into multiple Compose and .env files it makes sense to create an alias, for example:
+2. This repository contains a gateway certificate signed by TIP and a self-signed certificate for the REST API and other components which are used by default in the Compose deployment. The certificates are valid for the `*.wlan.local` domain and the Docker Compose uCentral microservice configs use `ucentral.wlan.local` as a hostname, so make sure you add an entry in your hosts file (or in your local DNS solution) which points to `127.0.0.1` or whatever the IP of the host running the deployment is. Be aware that by default only port `15002` (websocket) and `16003` (fileupload) are exposed on all interfaces and the rest only on localhost. Make sure to adapt that according to your needs.
+3. If you have your own certificates and want to use the deployment for anything other than local development copy your certs into the `certs/` directory and reference them in the appropriate sections of the microservice configuration files. Make sure to also adapt the sections which reference the hostname. For more information on certificates please see the [certificates section](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#certificates) of this README and/or [CERTIFICATES.md](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/CERTIFICATES.md).
+4. Docker Compose pulls the microservice images from the JFrog repository. If you want to change the image tag or some of the image versions which are used for the other services, have a look into the `.env` file. You'll also find service specific `.env` files in this directory. Edit them if you want to change database passwords (highly recommended!) or other configuration data. Don't forget to adapt your changes in the application configuration files.
+5. Open `docker-compose/ucentralgw-data/ucentralgw.properties` to change [authentication data](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#default-username-and-password) for uCentralGW (again highly recommended!).
+6. Spin up the deployment with `docker-compose up -d`.
+7. Add the self-signed certificates to the system trust store of the containers with `./add-ca-cert.sh`.
+8. Either add the `certs/restapi-ca.pem` certificate to your trusted browser certificates or add SSL certificate exceptions in your browser by visiting `https://ucentral.wlan.local:16001` and `https://ucentral.wlan.local:16002` (make sure to visit both and add the exceptions).
+9. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `ucentral.wlan.local` which points to the address of the host the Compose deployment runs on.
+10. Navigate to the UI `http://ucentral.wlan.local` and login with your uCentralGW authentication data.
+11. To use the [curl test script](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/TEST_CURL.md) to talk to the API set the following environment variables:
 ```
-alias docker-compose-selfsigned="docker-compose -f docker-compose.yml -f docker-compose.selfsigned.yml --env-file .env.selfsigned"
-```
-Spin up the deployment with `docker-compose-selfsigned up -d` and make sure to always use the alias when executing `docker-compose` commands. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-
-4. Check if the containers are up and running with `docker-compose-selfsigned ps`.
-5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002 and https://openwifi.wlan.local:16004.
-6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local` which points to the address of the host the Compose deployment runs on.
-7. Navigate to the UI `https://openwifi.wlan.local` and login with your OWSec authentication data.
-8. To use the curl test scripts included in the microservice repositories set the following environment variables:
-```
-export UCENTRALSEC="openwifi.wlan.local:16001"
+export UCENTRALSEC="ucentral.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
-⚠️**Note**: When deploying with self-signed certificates you can not make use of the trace functionality in the UI since the AP will throw a TLS error when uploading the trace to OWGW. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use this function.
+The `--cacert` option is necessary since the REST API certificates are self-signed. Omit the option if you provide your own signed certificates.
 
-## Deployment with Letsencrypt certificates
-1. Switch into the project directory with `cd docker-compose/`.
-2. Adapt the following hostname and URI variables according to your environment.
-### .env.letsencrypt
-| Variable                  | Description                                         |
-| ------------------------- | --------------------------------------------------- |
-| `OWGW_HOSTNAME`           | This will be used as a hostname for OWGW REST API   |
-| `UCENTRALGWUI_HOSTNAME`   | This will be used as a hostname for uCentralGW-UI   |
-| `OWGWFILEUPLOAD_HOSTNAME` | This will be used as a hostname for OWGW fileupload |
-| `OWSEC_HOSTNAME`          | This will be used as a hostname for OWSec REST API  |
-| `OWFMS_HOSTNAME`          | This will be used as a hostname for OWFms REST API  |
-| `RTTYS_HOSTNAME`          | This will be used as a hostname for RTTYS           |
-| `SYSTEM_URI_UI`           | Set this to your uCentralGW-UI URL                  |
-
-### owgw.env
-| Variable                 | Description                                  |
-| -----------------------  | -------------------------------------------- |
-| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname    |
-| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL         |
-| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API public URL    |
-| `RTTY_SERVER`            | Set this to your public RTTY server hostname |
-
-### ucentralgw-ui.env
-| Variable            | Description                       |
-| ------------------- | --------------------------------- |
-| `DEFAULT_OWSEC_URL` | Set this to your public OWSec URL |
-
-### owsec.env
-| Variable            | Description                       |
-| ------------------- | --------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWSec public URL |
-
-### owfms.env
-| Variable             | Description                              |
-| -------------------- | ---------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWFms public URL  |
-
-### traefik.env
-| Variable                                            | Description                               |
-| --------------------------------------------------- | ----------------------------------------- |
-| `TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL` | Email address used for ACME registration. |
-
-3. Since the deployment is split into multiple Compose and .env files it makes sense to create an alias, for example:
-```
-alias docker-compose-letsencrypt="docker-compose -f docker-compose.yml -f docker-compose.letsencrypt.yml --env-file .env.letsencrypt"
-```
-Spin up the deployment with `docker-compose-letsencrypt up -d` and make sure to always use the alias when executing `docker-compose` commands. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-letsencrypt up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-
-4. Check if the containers are up and running with `docker-compose-letsencrypt ps`.
-5. Navigate to the UI and login with your OWSec authentication data.
-
-**Note**: Both deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.
+PS: The deployment creates local volumes to persist mostly application and database data. In addition to that several bind mounts are created: one for the `docker-compose/certs/` directory which is used by multiple services, and the other ones mount service specific data directories and configuration files located under `docker-compose/` into the appropriate containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.

docker-compose/add-ca-cert.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -e
+
+SERVICES="ucentralgw.wlan.local ucentralsec.wlan.local"
+
+for i in $SERVICES; do
+    docker-compose exec -T -u root $i apk add ca-certificates
+    docker cp certs/restapi-ca.pem ucentral_$i\_1:/usr/local/share/ca-certificates/
+    docker-compose exec -T -u root $i update-ca-certificates
+done

docker-compose/certs/restapi-ca.pem

@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC1zCCAb+gAwIBAgIUcvD8UKybLhglR9dt/btowLEga18wDQYJKoZIhvcNAQEL
-BQAwFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMB4XDTIxMDkyMjEwMzExNloXDTMx
-MDkyMDEwMzExNlowFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFV2AbvlMx9TDgD171Q5eqT8HG5UFoZPEhTW
-87EjnpRYv07sDgnlMKnql4nnZG7ljEZw9Ln+bjJj+aYnBTG3xCAvSjbBJRC7Iyoe
-CqYaBIPFyjSQ3uhTXd17Yu3M5OCudV+R577O2CGBn+5HFCoz88gT06qLwq+XfpKq
-GslR2JToLjAdKIDQmJtmeBJh+FJ9/tJJipxR1M1qj9miqvQxx2+AWUYLzfVQAGCN
-Nuk5DjKzDQ4DU2uFbEMQobXCQsUQka5LZiqi8TgN3v5CqbqKPYV4KRiVmQ+g/ko2
-/z5z1Uz9kxZz7DD4GIO/w9k2c/95eewxjGqGynVK7ibO1Grp2wIDAQABoxswGTAX
-BgNVHREEEDAOggwqLndsYW4ubG9jYWwwDQYJKoZIhvcNAQELBQADggEBAMfB/psY
-ivIHemtBFIPmuGZyan3Wdg5c3cbDLP8XhgS3CovH3+eMfqHfUQMEVnzvn0pb5SPG
-1qEQC6BPPBJexDLQ8PUNNtIeFk9phoJmkkkTLggrCoW5FLgxPJYVU4Lc7fpVdeFd
-UImExdoWQDSiWjMGYlS078c2Gd2eQSZ2So2kQGSRVUXlnr9LFGtSkrtVTXVQyfz4
-oIftZ1FQguMp/a58pmzhkMLQGBm8d0gaFlfKzpnGL/nEwWV5AbvNHgVz1BZn0v5a
-vv3+ex6qQ4Ftbq++G/1rfXQP+KOwOj62zUkXQIwJVVU2HMc4D1CrG98PRZqMuUrk
-SxsLQQSPsKFSqTc=
+MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
+QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
+MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
+VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
+O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
+j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
+RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
+WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
+hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
+q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
+Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
+Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
+4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
+iSuQbt5n6lMWVgv+FKwXjwAda+Q=
 -----END CERTIFICATE-----

docker-compose/certs/restapi-cert.pem

@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC1zCCAb+gAwIBAgIUcvD8UKybLhglR9dt/btowLEga18wDQYJKoZIhvcNAQEL
-BQAwFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMB4XDTIxMDkyMjEwMzExNloXDTMx
-MDkyMDEwMzExNlowFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFV2AbvlMx9TDgD171Q5eqT8HG5UFoZPEhTW
-87EjnpRYv07sDgnlMKnql4nnZG7ljEZw9Ln+bjJj+aYnBTG3xCAvSjbBJRC7Iyoe
-CqYaBIPFyjSQ3uhTXd17Yu3M5OCudV+R577O2CGBn+5HFCoz88gT06qLwq+XfpKq
-GslR2JToLjAdKIDQmJtmeBJh+FJ9/tJJipxR1M1qj9miqvQxx2+AWUYLzfVQAGCN
-Nuk5DjKzDQ4DU2uFbEMQobXCQsUQka5LZiqi8TgN3v5CqbqKPYV4KRiVmQ+g/ko2
-/z5z1Uz9kxZz7DD4GIO/w9k2c/95eewxjGqGynVK7ibO1Grp2wIDAQABoxswGTAX
-BgNVHREEEDAOggwqLndsYW4ubG9jYWwwDQYJKoZIhvcNAQELBQADggEBAMfB/psY
-ivIHemtBFIPmuGZyan3Wdg5c3cbDLP8XhgS3CovH3+eMfqHfUQMEVnzvn0pb5SPG
-1qEQC6BPPBJexDLQ8PUNNtIeFk9phoJmkkkTLggrCoW5FLgxPJYVU4Lc7fpVdeFd
-UImExdoWQDSiWjMGYlS078c2Gd2eQSZ2So2kQGSRVUXlnr9LFGtSkrtVTXVQyfz4
-oIftZ1FQguMp/a58pmzhkMLQGBm8d0gaFlfKzpnGL/nEwWV5AbvNHgVz1BZn0v5a
-vv3+ex6qQ4Ftbq++G/1rfXQP+KOwOj62zUkXQIwJVVU2HMc4D1CrG98PRZqMuUrk
-SxsLQQSPsKFSqTc=
+MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
+QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
+MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
+VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
+O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
+j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
+RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
+WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
+hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
+q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
+Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
+Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
+4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
+iSuQbt5n6lMWVgv+FKwXjwAda+Q=
 -----END CERTIFICATE-----

docker-compose/certs/restapi-key.pem

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIVXYBu+UzH1MO
-APXvVDl6pPwcblQWhk8SFNbzsSOelFi/TuwOCeUwqeqXiedkbuWMRnD0uf5uMmP5
-picFMbfEIC9KNsElELsjKh4KphoEg8XKNJDe6FNd3Xti7czk4K51X5Hnvs7YIYGf
-7kcUKjPzyBPTqovCr5d+kqoayVHYlOguMB0ogNCYm2Z4EmH4Un3+0kmKnFHUzWqP
-2aKq9DHHb4BZRgvN9VAAYI026TkOMrMNDgNTa4VsQxChtcJCxRCRrktmKqLxOA3e
-/kKpuoo9hXgpGJWZD6D+Sjb/PnPVTP2TFnPsMPgYg7/D2TZz/3l57DGMaobKdUru
-Js7UaunbAgMBAAECggEBAMFh9dMArORnhYYMGVuY4w9n+dH8EoHXzrY2lbSRtz+a
-Ff0+UxHOLYaHT2RPA6Xogv+g8+LZNCjtzaIs6JfUAX96TgwGxPVhrDPqsSs4Yf8f
-sKtbiMkUXX1LkpLR2KrL1LyKr86UWxk5ZuaaXdSyVIosBi+Z/uXFGKlfLINE+RPm
-HNxahajMoNJFqgf3kQKD6hmuPSO/BGAdDk/c8J2adTRz3cjEqaqfxwOxUNnHx0hC
-CGkw/Eszibnl/7KhbsKBcVcCKKcwbifwXb2H4h9yJl1YEzXALhunWhCT6/QQ1F9b
-XV7iVSXYt5QAxFTgGbGHmzfXMq7s2evYodMe87OEl+ECgYEA5qNUa6ol/WkvFy6O
-gnouswspQcR9yuKIIrYuORPI+85HfZEJQvdLyoIQgkDCl14SZRmProFBXXUGZU1D
-9VxW2TIftlFH9wwFhrWMBFPcRvNL3PSFQTzWwsF3IFcXQOlAwxr9KF741OFnSLWh
-LXFXXfQq9wQbBUwbrZDl4PKaGesCgYEA3l0KgRxzQHKnxfSGqk7V21mqYv8XNuVh
-ZhUukJoASQh59zbk2Jthu3HfQPmi83IBbR39QD5FLwNftNMeZf3GSHba8nSYYvtw
-faUMD2far7mDR8wuBPqRWBbNgpiL2Bp93K8kUFqujjZo5E6cVPdvKi9/9oVRZnew
-8AZwVPFqA9ECgYB0/9otm+0Vtqw62FVW/2B9V2YghOtDZtOkuEKOlejZRHWjz1Wh
-cQ4ztvNlADE21HQEcYkf/1YHcPxDm4SkDanJGNJZjLYzLxgGlEZpU5llLLsJZcnL
-pG9V8QrbjxKuzSUbVK+kMTmN1KKukeUnxl2JvfmlwaFreIZ58A2NpcRi7QKBgQDI
-fhWhklhsjLSvbSoa1xhGPhO+TQjOa4YleAXTRbfqIeVuvKUclQVK8IJ+4FdHr8yP
-aVHWIg9ZM26Q6SZoiafF4LzLjct0vAeSkkVMgrSQavFuxC/eN1rjlTPZg9fbkw9W
-8ugIN6tZ+L8c07Brf+pQnCGB0nUxscvsr7GLNV0EcQKBgEo51BY0PFEKcKjSZp0i
-excPcHdSQV3/BLOhc7rzmmQyRUXFTGbiE0lKvu0Y54NLHnb2WP1H8M45mIUH5YTh
-tOKvBtlh/4vbCAGWv8OJzN+sV9Ef/0odCHiWr//prkpdGs2jFS3VDiJALj3hxpox
-oThwxq1WTyi9ln3MJCWUqAQ9
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD67KEKKHj1xyj0
+Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAjO1T1/PnqNMNP3CSgCpAZRn7Eom33
+HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9Dj7PawapJ7XNqT4P4ZGEGOWlLGE9o
+UpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNnRXp6iPNPpynppNQFBwzsovyhu9tz
+k/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7WFNvkPi5zAjJ3oEXMp+Im2/SvSqz
+ptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887rhgEPzqP6SNIOwy/B/AMOFQl6wPvX
+Bwz9eNW1AgMBAAECggEAZdJT3u1heEqjAc5Z8QnYEpUzlbuxrAC9V23kCEu2BScP
+bKk53NIcvd00BKf4gZWRfygKJVeH5X8MJHR55aeUJsp5SPfgvK6nHMye/iz3B5vM
+AoqSDXZow2JHGcyzQvaVVNxWytHNOl3ZCzpGMOGkquDgwzBZmyNk/Muri5X1TtbH
+DgeYdht2YiHqHdGWsLNU1vZAgzlwD8fXg65XOmNehjWnowhpNRCgpcDeJCtEuNzt
+6iXFWffjO6YTbVnoM5xhLROjLv6gYP4wxsQSZc/NGz9Jow7VxlYZg9wCE75bduFn
+7D5O4OgVgPgYbyCutpB/o4PMNURb4V/5p2OAEgLX2QKBgQD+kHYRAaawRbaY4jGf
+isj0oh2C/Z99Mqf/nnpPwmUwrhpmnQ+pRdWBw940tPrEpVoOcCPWQ5hO1zUET18d
+xQqs3zd6lEhJogmMqkjOT670YBEX/wyALd3M5F3HT/K2aixL1XaCCpAl97JB9RyB
+zGIr5c+mIOVK/uYrlFO28thXzwKBgQD8VumZIYZpWeE7pTyCg0PcDYlNATA/VKoD
+9YrGqEEHGgFNJEWj8Xj8aqBzaPoUk+eGp7NfSoOchVM+Bf3ktWy5doZCmNuxlOyq
+Ix5yrB2jyYceaSf2nxHqlD2VhKB/YJx0yTU1UkB5dG4nYnqiUg7c5JeQOVzwFKm1
+t6/Hk/cXOwKBgGT+yWjL3+cVcXFMZGWouTudSdobZ3hTbaWTqXEVbfIXUPAfJgSB
+aUi3feQpXUhBVe5efUlXvgihhy4zk0gLUcXuNWOTiu5ztBgzwvjfUkkwB/geP0Zn
+bBULEU2vIVtP2k0n3oGPUUtO71ENvwacIOLLpUuCx5WudYEasu/lfwGvAoGBAOiE
+manuF3HaTU3tu20z0YLiwkK/tpqUxDjzuBXIEmudzdcsdjNUHbzR79mIwO/XPf95
+ZjKHcfD3dbXwRXzKpE3dZmfVfJMM/GrmA3d9G67B04z1Lsr01siGIp004cOd3W1L
+vojMqvZ/j8Ug3InX/TQUO4i9IuNi1uLISOQpdwTjAoGAG33swIFnH/mz7ubu8wfE
+9nwe8NNf56kbFBG2FMuHvo8GYj0sqylwtZnh4TCwlTzqUO8e6oFdK8Ot6z7H9Fa3
+vnDD2WRwEFydRP5fbW5eFmGbzLfHlzUY+Do81qrUMF47LEN94X7yaXdb/vNW57lp
+K9hGF1Bdk8089Knm3l1Fc4w=
 -----END PRIVATE KEY-----

docker-compose/docker-compose.letsencrypt.yml

@@ -1,30 +0,0 @@
-version: '3'
-
-volumes:
-  letsencrypt_certs:
-    driver: local
-
-services:
-  owgw:
-    env_file:
-      - .env.letsencrypt
-
-  owsec:
-    env_file:
-      - .env.letsencrypt
-
-  owfms:
-    env_file:
-      - .env.letsencrypt
-
-  rttys:
-    volumes:
-      - "./rttys/rttys_letsencrypt.conf:/rttys/rttys.conf"
-
-  traefik:
-    env_file:
-      - .env.letsencrypt
-    volumes:
-      - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
-      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
-      - "letsencrypt_certs:/letsencrypt"

docker-compose/docker-compose.selfsigned.yml

@@ -1,27 +0,0 @@
-version: '3'
-
-services:
-  owgw:
-    env_file:
-      - .env.selfsigned
-
-  owsec:
-    env_file:
-      - .env.selfsigned
-
-  owfms:
-    env_file:
-      - .env.selfsigned
-
-  rttys:
-    volumes:
-      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
-      - "./rttys/rttys_selfsigned.conf:/rttys/rttys.conf"
-
-  traefik:
-    volumes:
-      - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
-      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
-      - "./certs/restapi-cert.pem:/certs/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/certs/restapi-key.pem"

docker-compose/docker-compose.yml

@@ -1,12 +1,6 @@
 version: '3'
 
 volumes:
-  owgw_data:
-    driver: local
-  owsec_data:
-    driver: local
-  owfms_data:
-    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
@@ -14,82 +8,63 @@ volumes:
   kafka_data:
     driver: local
 
-networks:
-  openwifi:
-
 services:
-  owgw:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWGW_HOSTNAME}
+  ucentralgw.wlan.local:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw:${UCENTRALGW_TAG}"
     env_file:
-      - owgw.env
-    depends_on:
+      - .env_ucentralgw
+    depends_on: 
       - kafka
       - rttys
     restart: unless-stopped
+    ports:
+      - "15002:15002"
+      - "127.0.0.1:16002:16002"
+      - "16003:16003"
+      - "127.0.0.1:16102:16102"
     volumes:
-      - owgw_data:${OWGW_ROOT}/persist
-      - ./certs:/${OWGW_ROOT}/certs
+      - ./ucentralgw-data:/ucentralgw-data
+      - ./certs:/ucentralgw-data/certs
 
-  owgw-ui:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWGWUI_HOSTNAME}
+  ucentralgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw-ui:${UCENTRALGWUI_TAG}"
     env_file:
-      - owgw-ui.env
+      - .env_ucentralgw-ui
     depends_on:
-      - owsec
-      - owgw
-      - owfms
+      - ucentralgw.wlan.local
     restart: unless-stopped
+    ports:
+      - "127.0.0.1:80:80"
 
-  owsec:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWSEC_HOSTNAME}
+  ucentralsec.wlan.local:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralsec:${UCENTRALSEC_TAG}"
     env_file:
-      - owsec.env
-    depends_on:
+      - .env_ucentralsec
+    depends_on: 
       - kafka
+      - rttys
+      - ucentralgw.wlan.local
     restart: unless-stopped
+    ports:
+      - "127.0.0.1:16001:16001"
+      - "127.0.0.1:16101:16101"
     volumes:
-      - owsec_data:${OWSEC_ROOT}/persist
-      - ./certs:/${OWSEC_ROOT}/certs
-
-  owfms:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWFMS_HOSTNAME}
-    env_file:
-      - owfms.env
-    depends_on:
-      - kafka
-    restart: unless-stopped
-    volumes:
-      - owfms_data:${OWFMS_ROOT}/persist
-      - ./certs:/${OWFMS_ROOT}/certs
+      - ./ucentralsec-data:/ucentralsec-data
+      - ./certs:/ucentralsec-data/certs
 
   rttys:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_RTTYS_HOSTNAME}
     restart: unless-stopped
+    ports:
+    - "127.0.0.1:5912:5912"
+    - "127.0.0.1:5913:5913"
+    volumes:
+      - ./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem
+      - ./certs/restapi-key.pem:/etc/rttys/restapi-key.pem
+      - ./rttys/rttys.conf:/rttys/rttys.conf
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
-    networks:
-      openwifi:
     restart: unless-stopped
     volumes:
       - zookeeper_data:/data
@@ -97,36 +72,10 @@ services:
 
   kafka:
     image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
-    networks:
-      openwifi:
     env_file:
-      - kafka.env
+      - .env_kafka
     restart: unless-stopped
     depends_on:
       - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
-
-  traefik:
-    image: "traefik:${TRAEFIK_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - traefik.env
-    depends_on:
-      - owsec
-      - owgw
-      - owgw-ui
-      - owfms
-      - rttys
-    restart: unless-stopped
-    ports:
-      - "15002:15002"
-      - "16002:16002"
-      - "16003:16003"
-      - "80:80"
-      - "443:443"
-      - "16001:16001"
-      - "16004:16004"
-      - "5912:5912"
-      - "5913:5913"

docker-compose/owfms.env

@@ -1,9 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-SYSTEM_DATA=$OWFMS_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
-SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
-S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
-S3_KEY=AKIAUG47UZG7R6SRLD7F
-KAFKA_BROKERLIST=kafka:9092

docker-compose/owgw-ui.env

@@ -1,2 +0,0 @@
-DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
-ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owgw.env

@@ -1,12 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-FILEUPLOADER_HOST_NAME=openwifi.wlan.local
-FILEUPLOADER_PATH=$OWGW_ROOT/persist/uploads
-FILEUPLOADER_URI=https://openwifi.wlan.local:16003
-SYSTEM_DATA=$OWGW_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
-SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
-RTTY_ENABLED=true
-RTTY_SERVER=openwifi.wlan.local
-KAFKA_BROKERLIST=kafka:9092

docker-compose/owsec.env

@@ -1,7 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-SYSTEM_DATA=$OWSEC_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
-SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
-KAFKA_BROKERLIST=kafka:9092

docker-compose/rttys/rttys_letsencrypt.conf

@@ -1,16 +0,0 @@
-addr-dev: :5912
-addr-user: :5913
-#addr-web: :5914
-#web-redir-url:# Auth for http
-http-username: rttys
-http-password: rttys
-#ssl-cert: /etc/rttys/restapi-cert.pem
-#ssl-key: /etc/rttys/restapi-key.pem
-token: 96181c567b4d0d98c50f127230068fa8
-# font-size: 16
-# No login required to connect device.
-# Values can be device IDs separated by spaces,
-# or a "*" indicates that all devices do not require login
-# http://localhost:5913/connect/rtty1
-white-list: "*"
-#white-list: rtty1 rtty2

docker-compose/traefik.env

@@ -1,16 +0,0 @@
-TRAEFIK_ENTRYPOINTS_OWGWWEBSOCKET_ADDRESS=:15002
-TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
-TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
-TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
-TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
-TRAEFIK_ENTRYPOINTS_OWGWUIHTTPS_ADDRESS=:443
-TRAEFIK_ENTRYPOINTS_OWSECRESTAPI_ADDRESS=:16001
-TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
-TRAEFIK_ENTRYPOINTS_RTTYSDEV_ADDRESS=:5912
-TRAEFIK_ENTRYPOINTS_RTTYSUSER_ADDRESS=:5913
-TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE_ENTRYPOINT=owgwuihttp
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_STORAGE=/letsencrypt/acme.json
-TRAEFIK_SERVERSTRANSPORT_ROOTCAS=/certs/restapi-ca.pem

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -1,95 +0,0 @@
-http:
-  services:
-    owgw-ui:
-      loadBalancer:
-        servers:
-          - url: "http://owgw-ui.wlan.local:80/"
-    owgw-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owgw.wlan.local:16002/"
-    owgw-fileupload:
-      loadBalancer:
-        servers:
-          - url: "https://owgw.wlan.local:16003/"
-    owsec-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owsec.wlan.local:16001/"
-    owfms-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owfms.wlan.local:16004/"
-    rttys-user:
-      loadBalancer:
-        servers:
-          - url: "http://rttys.wlan.local:5913/"
-
-  routers:
-    owgw-ui-http:
-      entryPoints: "owgwuihttp"
-      service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
-    owgw-ui-https:
-      entryPoints: "owgwuihttps"
-      service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owgw-fileupload:
-      entryPoints: "owgwfileupload"
-      service: "owgw-fileupload"
-      rule: "Host(`{{ env "OWGWFILEUPLOAD_HOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owgw-restapi:
-      entryPoints: "owgwrestapi"
-      service: "owgw-restapi"
-      rule: "Host(`{{ env "OWGW_HOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owsec-restapi:
-      entryPoints: "owsecrestapi"
-      service: "owsec-restapi"
-      rule: "Host(`{{ env "OWSEC_HOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owfms-restapi:
-      entryPoints: "owfmsrestapi"
-      service: "owfms-restapi"
-      rule: "Host(`{{env "OWFMS_HOSTNAME"}}`)"
-      tls:
-        certResolver: "openwifi"
-    rttys-user:
-      entryPoints: "rttysuser"
-      service: "rttys-user"
-      rule: "Host(`{{ env "RTTYS_HOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-
-tcp:
-  services:
-    owgw-websocket:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:15002"
-
-    rttys-dev:
-      loadBalancer:
-        servers:
-          - address: "rttys.wlan.local:5912"
-
-  routers:
-    owgw-websocket:
-      entryPoints: "owgwwebsocket"
-      service: "owgw-websocket"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-
-    rttys-dev:
-      entryPoints: "rttysdev"
-      service: "rttys-dev"
-      rule: "HostSNI(`{{ env "RTTYS_HOSTNAME" }}`)"
-      tls:
-        certResolver: openwifi

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -1,98 +0,0 @@
-tls:
-  certificates:
-    - certFile: /certs/restapi-cert.pem
-      keyFile: /certs/restapi-key.pem
-
-http:
-  services:
-    owgw-ui:
-      loadBalancer:
-        servers:
-          - url: "http://owgw-ui.wlan.local:80/"
-
-  routers:
-    owgw-ui-http:
-      entryPoints: "owgwuihttp"
-      service: "owgw-ui"
-      rule: "PathPrefix(`/`)"
-
-    owgw-ui-https:
-      entryPoints: "owgwuihttps"
-      service: "owgw-ui"
-      rule: "PathPrefix(`/`)"
-      tls: {}
-
-tcp:
-  services:
-    owgw-websocket:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:15002"
-    owgw-restapi:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:16002"
-    owgw-fileupload:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:16003"
-    owsec-restapi:
-      loadBalancer:
-        servers:
-          - address: "owsec.wlan.local:16001"
-    owfms-restapi:
-      loadBalancer:
-        servers:
-          - address: "owfms.wlan.local:16004"
-    rttys-dev:
-      loadBalancer:
-        servers:
-          - address: "rttys.wlan.local:5912"
-    rttys-user:
-      loadBalancer:
-        servers:
-          - address: "rttys.wlan.local:5913"
-
-  routers:
-    owgw-websocket:
-      entryPoints: "owgwwebsocket"
-      service: "owgw-websocket"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    owgw-restapi:
-      entryPoints: "owgwrestapi"
-      service: "owgw-restapi"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    owgw-fileupload:
-      entryPoints: "owgwfileupload"
-      service: "owgw-fileupload"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    owsec-restapi:
-      entryPoints: "owsecrestapi"
-      service: "owsec-restapi"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    owfms-restapi:
-      entryPoints: "owfmsrestapi"
-      service: "owfms-restapi"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    rttys-dev:
-      entryPoints: "rttysdev"
-      service: "rttys-dev"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true
-    rttys-user:
-      entryPoints: "rttysuser"
-      service: "rttys-user"
-      rule: "HostSNI(`*`)"
-      tls:
-        passthrough: true

docker-compose/ucentralgw-data/ucentralgw.properties

@@ -0,0 +1,194 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+ucentral.websocket.host.0.backlog = 500
+ucentral.websocket.host.0.rootca = $UCENTRALGW_ROOT/certs/root.pem
+ucentral.websocket.host.0.issuer = $UCENTRALGW_ROOT/certs/issuer.pem
+ucentral.websocket.host.0.cert = $UCENTRALGW_ROOT/certs/websocket-cert.pem
+ucentral.websocket.host.0.key = $UCENTRALGW_ROOT/certs/websocket-key.pem
+ucentral.websocket.host.0.clientcas = $UCENTRALGW_ROOT/certs/clientcas.pem
+ucentral.websocket.host.0.cas = $UCENTRALGW_ROOT/certs/cas
+ucentral.websocket.host.0.address = *
+ucentral.websocket.host.0.port = 15002
+ucentral.websocket.host.0.security = strict
+ucentral.websocket.host.0.key.password = mypassword
+ucentral.websocket.maxreactors = 20
+
+#
+# REST API access
+#
+ucentral.restapi.host.0.backlog = 100
+ucentral.restapi.host.0.security = relaxed
+ucentral.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.restapi.host.0.address = *
+ucentral.restapi.host.0.port = 16002
+ucentral.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.restapi.host.0.key.password = mypassword
+
+ucentral.internal.restapi.host.0.backlog = 100
+ucentral.internal.restapi.host.0.security = relaxed
+ucentral.internal.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.internal.restapi.host.0.address = *
+ucentral.internal.restapi.host.0.port = 17002
+ucentral.internal.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.internal.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.internal.restapi.host.0.key.password = mypassword
+
+#
+# Used to upload files to the service.
+# You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
+# that your devices can reach
+#
+ucentral.fileuploader.host.0.backlog = 100
+ucentral.fileuploader.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.fileuploader.host.0.security = relaxed
+ucentral.fileuploader.host.0.address = *
+ucentral.fileuploader.host.0.name = ucentral.wlan.local
+ucentral.fileuploader.host.0.port = 16003
+ucentral.fileuploader.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.fileuploader.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.fileuploader.host.0.key.password = mypassword
+ucentral.fileuploader.path = $UCENTRALGW_ROOT/uploads
+ucentral.fileuploader.maxsize = 10000
+
+#
+# Generic section that all microservices must have
+#
+ucentral.service.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.system.data = $UCENTRALGW_ROOT/data
+ucentral.system.debug = true
+#ucentral.system.uri.private = https://localhost:17002
+#ucentral.system.uri.public = https://local.dpaas.arilia.com:16002
+#ucentral.system.uri.ui = https://ucentral-ui.arilia.com
+ucentral.system.uri.private = https://ucentralgw.wlan.local:17002
+ucentral.system.uri.public = https://ucentral.wlan.local:16002
+ucentral.system.uri.ui = http://127.0.0.1
+ucentral.system.commandchannel = /tmp/app.ucentralgw
+
+#
+# Gateway Microservice Specific Section
+#
+ucentral.autoprovisioning = true
+ucentral.devicetypes.0 = AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
+ucentral.devicetypes.1 = SWITCH:edgecore_ecs4100-12ph
+ucentral.devicetypes.2 = IOT:esp32
+oui.download.uri = https://linuxnet.ca/ieee/oui.txt
+firmware.autoupdate.policy.default = auto
+
+#
+# rtty
+#
+rtty.enabled = true
+rtty.server = ucentral.wlan.local
+rtty.port = 5912
+rtty.token = 96181c567b4d0d98c50f127230068fa8
+rtty.timeout = 60
+rtty.viewport = 5913
+
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16102
+
+#
+# Kafka
+#
+ucentral.kafka.group.id = gateway
+ucentral.kafka.client.id = gateway1
+ucentral.kafka.enable = true
+ucentral.kafka.brokerlist = kafka:9092
+# ucentral.kafka.brokerlist = debfarm1-node-c.arilia.com:9092
+ucentral.kafka.auto.commit = false
+ucentral.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+storage.type = sqlite
+#storage.type = postgresql
+#storage.type = mysql
+#storage.type = odbc
+
+storage.type.sqlite.db = devices.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = postgresql
+storage.type.postgresql.username = ucentralgw
+storage.type.postgresql.password = ucentralgw
+storage.type.postgresql.database = ucentralgw
+storage.type.postgresql.port = 5432
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = localhost
+storage.type.mysql.username = stephb
+storage.type.mysql.password = snoopy99
+storage.type.mysql.database = ucentral
+storage.type.mysql.port = 3306
+storage.type.mysql.connectiontimeout = 60
+
+archiver.enabled = true
+archiver.schedule = 03:00
+archiver.db.0.name = healthchecks
+archiver.db.0.keep = 7
+archiver.db.1.name = statistics
+archiver.db.1.keep = 7
+archiver.db.2.name = devicelogs
+archiver.db.2.keep = 7
+archiver.db.3.name = commandlist
+archiver.db.3.keep = 7
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $UCENTRALGW_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+

docker-compose/ucentralsec-data/ucentralsec.properties

@@ -0,0 +1,145 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+
+#
+# REST API access
+#
+ucentral.restapi.host.0.backlog = 100
+ucentral.restapi.host.0.security = relaxed
+ucentral.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
+ucentral.restapi.host.0.address = *
+ucentral.restapi.host.0.port = 16001
+ucentral.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
+ucentral.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+ucentral.restapi.host.0.key.password = mypassword
+ucentral.restapi.wwwassets = $UCENTRALSEC_ROOT/wwwassets
+
+ucentral.internal.restapi.host.0.backlog = 100
+ucentral.internal.restapi.host.0.security = relaxed
+ucentral.internal.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
+ucentral.internal.restapi.host.0.address = *
+ucentral.internal.restapi.host.0.port = 17001
+ucentral.internal.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
+ucentral.internal.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+ucentral.internal.restapi.host.0.key.password = mypassword
+
+#
+# Generic section that all microservices must have
+#
+authentication.enabled = true
+authentication.default.username = tip@ucentral.com
+authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+ucentral.system.data = $UCENTRALSEC_ROOT/data
+ucentral.system.uri.private = https://ucentralsec.wlan.local:17001
+ucentral.system.uri.public = https://ucentral.wlan.local:16001
+ucentral.system.uri.ui = http://127.0.0.1
+ucentral.system.commandchannel = /tmp/app.ucentralsec
+ucentral.service.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+
+#
+# Security Microservice Specific Section
+#
+mailer.hostname = smtp.gmail.com
+mailer.username = no-reply@arilia.com
+mailer.password = pink-elephants-play-hockey
+mailer.loginmethod = login
+mailer.port = 587
+mailer.templates = $UCENTRALSEC_ROOT/templates
+
+
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16101
+
+#
+# Kafka
+#
+ucentral.kafka.group.id = security
+ucentral.kafka.client.id = security1
+ucentral.kafka.enable = true
+# ucentral.kafka.brokerlist = a1.arilia.com:9092
+ucentral.kafka.brokerlist = kafka:9092
+ucentral.kafka.auto.commit = false
+ucentral.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+storage.type = sqlite
+#storage.type = postgresql
+#storage.type = mysql
+#storage.type = odbc
+
+storage.type.sqlite.db = security.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = postgresql
+storage.type.postgresql.username = ucentralsec
+storage.type.postgresql.password = ucentralsec
+storage.type.postgresql.database = ucentralsec
+storage.type.postgresql.port = 5432
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = localhost
+storage.type.mysql.username = stephb
+storage.type.mysql.password = snoopy99
+storage.type.mysql.database = ucentral
+storage.type.mysql.port = 3306
+storage.type.mysql.connectiontimeout = 60
+
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+